标准号:ISO/IEC TR 19791-2006
实施状态:作废
中文名称:信息技术.安全技术.操作系统的安全评定
英文名称:Information technology - Security techniques - Security assessment of operational systems
发布日期:2006-05
被替代标准:ISO/IEC TR 19791-2010
采用标准:ANSI/INCITS/ISO/IEC TR 19791-2009,IDT;GOST R ISO/IEC TR 19791-2008,IDT
起草单位:ISO/IEC JTC 1/SC 27
标准简介:This Technical Report provides guidance and criteria for the security evaluation of operational systems. It
provides an extension to the scope of ISO/IEC 15408, by taking into account a number of critical aspects of
operational systems not addressed in ISO/IEC 15408 evaluation. The principal extensions that are required
address evaluation of the operational environment surrounding the TOE, and the decomposition of complex
operational systems into security domains that can be separately evaluated.
This Technical Report provides
a) a definition and model for operational systems;
b) a description of the extensions to ISO/IEC 15408 evaluation concepts needed to evaluate such
operational systems;
c) a methodology and process for performing the security evaluation of operational systems;
d) additional security evaluation criteria to address those aspects of operational systems not covered by the
ISO/IEC 15408 evaluation criteria.
This Technical Report permits the incorporation of security products evaluated against ISO/IEC 15408 into
operational systems evaluated as a whole using this Technical Report.
This Technical Report is limited to the security evaluation of operational systems and does not consider other
forms of system assessment. It does not define techniques for the identification, assessment and acceptance
of operational risk.
文件格式:PDF
文件大小:994.30KB
文件页数:172
(以上信息更新时间为:2019-11-22)
ISO_IEC TR 19791-2006 信息技术.安全技术.操作系统的安全评定.pdf
(994.3 KB)
|
|
